On Friday, 17. August 2001 09:20, egger@mlcomputing.de wrote:
On Thursday, 16. August 2001 17:41, maf@cybereye.co.uk wrote:
Hi Christoph
On 2001.08.16 15:35:07 +0100 Christoph Egger wrote:
On Thursday, 16. August 2001 14:26, egger@mlcomputing.de wrote:
Hi!
Problem description: -------------------------------------------------------------------------------
My _test_ - LAN looks like this:
192.168.2.0/24
| Host1 with 192.168.2.1
Gateway 1 (eth0) with 192.168.2.91 Gateway 1 (eth1)
Internet
Gateway 2 (eth1) with SuSE 7.2 firewall Gateway 2 (eth0) with 10.0.1.10
| Host2 with 10.0.1.21
10.0.1.0/24
I can do a ping from 192.168.2.1 to 10.0.1.10, but not to 10.0.1.21 and vice versa. It seems that the gateway 2 swellows packets.
What do you think, might be the problem?
I forgot to mention, that the SuSE firewall 7.2 definitely causes my problem.
FreeSWAN works fine for me as long as the firewall is down. But calling "/etc/init.d/SuSEfirewall_init start" and restarting FreeSWAN to not loose its firewall rules already causes my problem.
Sounds like you may be having some sort of masquerading problem. Have a look in yuor logs and see what packets the firewall drops.
Masquerading isn't activated at all.
Here more details: I am using the 2.4.4-4GB Suse standard kernel coming with SuSE 7.2 distribution. The SuSE firewall sets some values in various files in /proc/sys/net/ipv4/ echo 1 > icmp_echo_ignore_broadcasts echo 1 > typ_syncookies echo 1 > ip_always_defrag echo 0 > conf/*/accept_redirects echo 0 > conf/*/accept_source_route echo 1 > icmp_ignore_bogus_error_responses echo 5 > icmp_echoreply_rate echo 5 > icmp_destunreach_rate echo 5 > icmp_paramprob_rate echo 6 > icmp_timeexceed_rate echo 20 > ipfrage_time echo 1 > igmp_max_memberships echo "1024 29999" > ip_local_port_range echo 1 > conf/*/log_martians echo 0 > conf/*/mc_forwarding echo 1 > conf/*/rp_filter (manually disabled by me to keep it "0") echo 0 > conf/*/bootp_relay echo 0 > conf/*/proxy_arp echo 0 > conf/*/secure_redirects echo 1 > route/flush Is there something, which might cause my above described problem? -- CU, Christoph